1. Field of the Invention
This invention relates to security in personal computer systems, and more particularly to a technique for preventing unauthorized access to computer system resources through the use of secure general purpose input/output (I/O) pins.
2. Description of the Related Art
The prevention of data theft is extremely important in home computer systems and systems designed to exist on corporate networks. Companies and individuals spend large sums of time and money developing data that resides in these systems. Adequately protecting a computer system's resources from unauthorized access is thus a primary concern of computer users.
To address various security issues, including protection of system ROM and other memory locations, a security device was developed as described in commonly-assigned U.S. patent application Ser. No. 08/779,061, entitled "SECURITY CONTROL FOR PERSONAL COMPUTER," which is hereby incorporated by reference for all purposes as if set forth in its entirety. The security device described therein provides a secure method for access to different system resources. The security device operates by providing multiple hardware "lock" signals capable of being toggled by the user. The lock signals restrict access to specific system resources when asserted. In general, a user enters a password for a particular memory "slot" in the security device. The memory slot is then placed in a "protected" state by issuing a "protect resources" command to the security device. While the slot is in the protected state, a lock signal is asserted, which secures system resources. To unlock the slot, the user issues an "access resource" command to the security device, followed by entry of the correct password. Correctly entering a slot's password changes the state of the slot to "unprotected." The security device password may only be written if the slot is in the unprotected state. The security device can only verify and does not divulge the password, thereby enhancing the security of the system.
In the previous security device, a slot (slot 0) is provided to protect the computer system's Flash ROM from unauthorized writes. This slot prevents viruses and unauthorized users from indiscriminately erasing contents of the Flash ROM. After power-up, the BIOS loads the existing Flash ROM password into slot 0 and executes the "protect resources" command for that slot, thereby disabling writes to the Flash ROM. The security device remains in the protected state until a user successfully enters the password and unlocks the slot.
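The slot behavior and the slot 0 power-up sequence described in the two preceding paragraphs can be modeled in software as a small state machine. The following is an added illustration, not code from this document or from the referenced application; the function names, the 8-byte password width, and the constant-time comparison are assumptions of the example.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define PW_LEN 8  /* assumed password width; the text specifies none */

typedef struct {
    uint8_t pw[PW_LEN];  /* write-only: no function ever returns it */
    bool    locked;      /* models the asserted hardware lock signal */
} slot_t;

/* The password may be written only while the slot is unprotected. */
bool slot_write_password(slot_t *s, const uint8_t pw[PW_LEN]) {
    if (s->locked) return false;
    memcpy(s->pw, pw, PW_LEN);
    return true;
}

/* "Protect resources" command: assert the lock signal. */
void slot_protect(slot_t *s) { s->locked = true; }

/* "Access resource" command: verify only, never divulge. The
   constant-time compare is this example's choice (assumption). */
bool slot_access(slot_t *s, const uint8_t guess[PW_LEN]) {
    uint8_t diff = 0;
    for (size_t i = 0; i < PW_LEN; i++) diff |= s->pw[i] ^ guess[i];
    if (diff == 0) s->locked = false;
    return diff == 0;
}

/* Slot 0 power-up: BIOS loads the Flash ROM password, then issues
   "protect resources" so Flash writes are disabled. */
void bios_power_up(slot_t *slot0, const uint8_t flash_pw[PW_LEN]) {
    slot0->locked = false;
    slot_write_password(slot0, flash_pw);
    slot_protect(slot0);
}

/* Flash writes are gated by the lock signal of slot 0. */
bool flash_write_allowed(const slot_t *slot0) { return !slot0->locked; }

int main(void) {
    const uint8_t pw[PW_LEN] = {'c','o','n','s','t','r','0','1'}; /* constructed */
    slot_t s0;
    bios_power_up(&s0, pw);
    printf("after power-up, flash writable: %d\n", flash_write_allowed(&s0));
    slot_access(&s0, pw);
    printf("after correct password, flash writable: %d\n", flash_write_allowed(&s0));
    return 0;
}
```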
Another slot (slot 1) is used in the prior device for protecting the power-on password, which is typically stored in battery-backed nonvolatile memory. This slot allows changing of the power-on password during normal run-time. This feature alleviates the necessity of cycling power to the machine in order to change the power-on password.
As generally appreciated by computer system designers, however, providing computer security is not a static process. Technology and concomitant threats to security continue to develop at a rapid pace. Many security threats arise due to the proliferation of networked computers. Neither of the slots in the aforementioned security device could be remotely controlled by a network administrator or authorized network user desiring to access secured features of a network computer incorporating the security device.
Further, computer systems have traditionally incorporated system components--such as PCI/ISA bridges and Super Input/Output (I/O) chips--that provide general purpose I/O pins. The general purpose I/O pins allow for the control and monitoring of various system resources. However, current systems do not provide a method of restricting access to those pins. Restricted access to at least some of the general purpose I/O pins would be desirable in a system context when the pins in question are to be utilized for security purposes.